Download me—Saying “yes” to the Web’s most dangerous search terms

Seeking "free games" and getting burned by illicit downloads is so 2008, right?

There’s a saying—"there’s no such thing as a free lunch." On the Web, however, it sure seems like there is. In the time span of a lunch break, a few keywords in a search engine promise free entertainment, just several clicks away. We all know the catch, though. These freebies can come with freeloading adware, malware, and other unwanted programs and plugins. This was particularly true in the Internet’s early days, but in the past decade, tech giants such as Google, Microsoft, and Yahoo—the three major players in search today—have deployed significant resources to prevent adware and malware from compromising their Web browsers, e-mail services, and websites. It can't be that bad in 2013, right?

Answering this question required a little experiment, one inspired by the documentary Super-Size Me. That film chronicles Morgan Spurlock’s month-long fast food “diet” during which he limited his exercise and knowledge about healthy eating, had to order everything on the McDonald’s menu at least once, and never said no to an upgrade offer.

What could possibly go wrong?

Allie Brosh, Hyperbole and a Half

The Web version of this is simpler and better for an individual's (physical) health. From a clean computer fresh off an OS install, enter some of the most popular, plausible generic free keyword searches on a popular Web browser. Next, open all of the links in the search results (ads and otherwise) and download the first thing on the landing pages, recording where it went and what it did. Like Spurlock, I would limit my knowledge about what was safe or risky and take no (Internet) precautions beyond the default settings. The same rules applied for installing the program afterward. And in the Web's version of "would you like to super-size that?" I had to say yes to whatever was offered. There would be no avoiding a Web culture of excess and extras.

More programs included with the installation? MOAR! After each keyword search and installation was complete, I’d run several (free) popular antivirus programs to detect unwanted programs and record the installed programs, browser plugins, and extensions. That way it's easy to check later for Internet notoriety.

Time to travel back to 2008

After a little research, I decided to search for free games, music, e-cards, a wallpaper, and a screensaver for my new computer. This appears to cover a spectrum of entertainment options available on the Web, but several ground rules guided me in selecting these items:

The content had to be plausibly free (“free” had to be the leading keyword) and legal (no purposefully targeting torrents, P2P).

To replicate the high bounce rates common for Internet browsing, I exited if I needed to create an account or provide an e-mail or login. I also exited if there was no immediate download option from the landing page, although I was happy to click through several pages or redirections if it promised a free download (though it couldn’t be an unrelated third-party ad).

The searched-for content had to be entertainment-oriented (no malware/spyware/antivirus searches), but it could not come from adult sites (online gambling, porn, webcams). In other words, the idea was to look for fun, free stuff—not trouble directly.

To no one's surprise, the keywords I selected were popular. However, they were also really, really dangerous. Each search qualified for the "Top 50 Most Riskiest Search Terms in the US" list from McAfee's 2008 roundup, The Web’s Most Dangerous Search Terms report. This experiment even included a pair of No. 1 ill-advised searches:

| Search Term | Claim to Fame |
| --- | --- |
| "free e-cards" | listed in the McAfee Top 50, US |
| "free game cheats" | "game cheats" qualifies as a McAfee Top 50 |
| "free games" | noted as popular generic search query |
| "free lyrics" | "lyrics" and "song lyrics" were among the McAfee Top 50 |
| "free music downloads" | the No. 1 term for Average Risk, McAfee Top 50 |
| "free screensaver" | noted as a popular generic search query |
| "free wallpaper" | "wallpaper" is a McAfee Top 50 |
| "free word unscrambler" | the No. 1 term for Maximum Risk, McAfee Top 50 |

In the McAfee report, "free" had the highest category risk. When you run software from an untrusted source, it exposes information about your operating system to the installer, such as your computer model, your IP address, your programs, and what browser you have. And if you are installing software from an adware kingpin, revealing this information is not good. Your information is directly on its way to the adware server.

A computer security expert I consulted beforehand pointed out a potential foil to my experiment. Since I would be installing many adware programs in a short time period—some likely from the same source through different adware networks controlled by the same entity—there was a chance my IP address would be flagged as a particularly gullible user. Other devices using that same IP address later could be vulnerable to a targeted attack if I used a fixed IP address or a narrow range. This required a simple shift. To increase anonymity, free public Wi-Fi was used (and it's likely where you could typically expect some of the downloading behavior I was about to replicate). Combine this with a clean install containing no personal information, and the experiment was as safe as anything involving McAfee may get.

And so it begins...

So were these search risks, like human gullibility and those looking to profit from it, timeless or just trends of 2008?

Since Windows is the dominant operating system today, I used a MacBook Pro with a Windows 7 64 bit OEM virtualization via Parallels 7. This functioned basically as a PC petri dish and a sandbox for the potentially dangerous software. I could revert to the original pre-search image after each query—back to default programs with only Mozilla Firefox (one of the three most widely used Internet browsers) and two free popular malware detection programs, Microsoft Security Essentials and Lavasoft’s Ad-Aware.

For each search, I opened a new browser window in Mozilla Firefox—in private browsing mode—and navigated to Google’s search homepage. I saved the image of the clean computer state to Parallels, allowing me to run each search term in a standardized fashion before reverting to the beginning again.
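
The record-then-revert step described above can be scripted. The following PowerShell is an added example, not part of the original article: it lists installed programs and Firefox profile extensions and prints what is new compared with a baseline taken on the clean image. The `-Label` parameter and the `C:\inventory` output folder are hypothetical, and the folder is assumed to be on storage that survives a snapshot revert (for example a host share).

```powershell
# Added example (not from the article): inventory the VM, then diff against
# a baseline captured on the clean snapshot. Written for PowerShell 2.0,
# the version that ships with Windows 7.
param(
    [Parameter(Mandatory = $true)][string]$Label,  # "baseline" or a search term, e.g. "free-games"
    [string]$OutDir = 'C:\inventory'               # hypothetical; must survive the revert
)

function Get-Inventory {
    # Uninstall keys: 64-bit programs, 32-bit programs (Wow6432Node) and per-user installs.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $programs = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { 'program|{0}|{1}' -f $_.DisplayName, $_.Publisher }

    # Extensions stored in the Firefox profile (folders or .xpi files named by extension ID).
    $extPath = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\extensions\*'
    $extensions = Get-ChildItem -Path $extPath -ErrorAction SilentlyContinue |
        ForEach-Object { 'firefox-extension|{0}' -f $_.Name }

    @($programs) + @($extensions) | Sort-Object -Unique
}

if (-not (Test-Path $OutDir)) {
    New-Item -ItemType Directory -Path $OutDir | Out-Null
}

# Save this run's inventory under its label.
$current = Get-Inventory
$current | Set-Content -Path (Join-Path $OutDir "$Label.txt")

# For any run other than the baseline, print only the entries that were added.
$baselineFile = Join-Path $OutDir 'baseline.txt'
if ($Label -ne 'baseline' -and (Test-Path $baselineFile)) {
    $baseline = Get-Content -Path $baselineFile
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object { $_.InputObject }
}
```

Run it once with `-Label baseline` on the clean image before saving the snapshot, then once per search term after the installs finish and before reverting.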

231 Reader Comments

Google is the worst offender for installing unwanted software, nowadays. Almost everything you install either installs the Google toolbar or Chrome. When working on customers' machines, they almost all have Chrome and no one even knows what it is.

Keep in mind these are "average" users, not computer literate people, but that is the bulk of society, not those of us in the know.

RE MSE's failings: I recall reading something recently where MS defended poor results in a review by claiming MSE was only intended to cover the gaps in IE's built in protection and the reviewer used a different browser.

I absolutely love this article. Thank you for doing this because I'm printing this out and giving it to every family member, friend, co-worker and acquaintance that constantly comes asking me to help fix their computer.

And when they say, "I swear I didn't download anything". I'm going to ball up the printout and shove it down their throat.

I used to help people remove this crap back in the late 90s early 2000s. Now I just tell them to format/reinstall.

It blows my mind... people who will be totally skeptical when someone offers them something for "free" out in the world will swallow it hook, line and sinker if it's on the web.

TANSTAAFL is the correct form of the phrase discouraging the expectation of zero cost PBJs.

Great article - I've wasted huge amounts of time trying to explain to nontechnical family and friends why 'free' is a bad thing almost every time. Sadly, I still see commercial users doing things that are at the least a violation of acceptable use policies and sometimes just downright STUPID; downloading a torrent to their office PC, etc.

IMO, toolbars should be considered malware regardless of source or 'usefulness'; they're all memory / resource whores as well as infection vectors.

I'd be curious if something like IE's smart screen is effective at stopping this kind of stuff; it seems like the mechanism behind that (block known bad domains and unknown domains) would stop some of the more exotic domains these downloads often come from.

Unrelated, that crapped up Firefox actually mirrors something I've seen on a user's computer before too, which is frightening.

This looks like a review of my 11 year old nephew's laptop. I cleaned it up the first time I saw the mess after him using it for only a few weeks and tried to give him the "talk" about what not to do. Then a few months later I saw the mess was back and more than before. I cleaned it again, locked it down with proper user accounts, and then applied the parental locks and gave the talk to his father as well. I said to not give him the admin password. Needless to say I gave up after neither of them listened. I don't even see how the laptop is even usable at this point, but it's still around.

Also, I think if you are searching for song lyrics and "phish" comes up as a suggestion then maybe in this case it has more to do with the band than with getting scammed.

RE MSE's failings: I recall reading something recently where MS defended poor results in a review by claiming MSE was only intended to cover the gaps in IE's built in protection and the reviewer used a different browser.

My understanding was that MSE is mostly an anti-virus program, much less so anti-adware. The logic is, purportedly, that if you install the program yourself, even if you're tricked into it, then Microsoft puts itself on very shaky legal ground by identifying it as bad. In essence, they don't want to get in trouble for nuking "legitimately installed" software. Lavasoft doesn't have such restrictions because they don't also write the OS and other programs, so there can be no claim that they're abusing their monopoly or such. Make of that what you will.

With experiences like that, I'm not surprised that Apple is making a killing from people running into the warm embrace of their walled garden.

I fully support the idea that you should be able to download and run whatever you like, but unfortunately companies in this article have pretty much ruined it to the point that people are more than willing to trade that freedom in so that they don't end up in this mess.

"They who would give up an essential liberty for temporary security, deserve neither liberty or security."

I believe this is the place where a Linux distro would be useful. If the end user has the tech skills of a brick and does not use the computer for anything other than browsing, Linux's security-by-obscurity defense works well here, all of this adware won't be able to run. As well as actual "free" programs that were downloaded, of course.

I fail to see how anyone would be surprised this stuff is still around. Be it 1813, 1913, 2013, or even 2413 there are always going to be enough gullible people around to make stuff like this profitable.

I'm going to go out on a limb here, but "free lyrics phish" is probably NOT a warning sign. Well, I suppose it might be, but not for internet phishing. There's a band named "Phish". I think they may even predate the internet term.

I'd say before your time, but they're still around!!

The term "phishing" was coined in the mid-90s and the band Phish was formed in 1983. The usage of "ph" instead of "f" to sound cool, however, is much older as hacking phone lines was referred to as "phreaking" before that, making "phishing" an homage of sorts to the practice.